Problem after updating SSL certificates

Post here your questions about SFS2X. Here we discuss all server-side matters. For client API questions see the dedicated forums.

Moderators: Lapo, Bax

grookier
Posts: 25
Joined: 28 Sep 2016, 10:40

Problem after updating SSL certificates

Postby grookier » 26 Mar 2020, 15:11

Good evening,
a few months ago I enabled HTTPS on smartfoxserver2 following the official documentation http://docs2x.smartfoxserver.com/GettingStarted/cryptography

Everything worked correctly without ever having to intervene.
Today I connected to the admin address and the certificate is unsafe, and my apps no longer work.

I followed the guide again, I gave the same commands to create the new keystore.jks file, I imported it from the admin panel, but the certificate was still insecure by connecting to https://my_domain.it:8443/admin/.

So I restarted the server. Now the panel is no longer accessible in any way, however it seems that smartfoxserver starts correctly from the logs.
console log
https://pastebin.com/K4wr5mET

smartfox.log
https://pastebin.com/qX8qP36d

boot.log
https://pastebin.com/Kra2Mbb7

server.xml

Code: Select all

  <Connector SSLEnabled="true" clientAuth="false" keystoreFile="lib/apache-tomcat/conf/keystore.jks" keystorePass="***********" maxThreads="200" port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" secure="true" sslProtocol="TLS"/>



If I try to connect to the admin panel, the connection times out ERR_TIMED_OUT

EDIT
Without making further restarts for 15 minutes, suddenly it worked and the certificate is safe.

What is this slowness due to?

Is there any way to automatically update the keystore.jks file, or do I have to create a script?
User avatar
Lapo
Site Admin
Posts: 21370
Joined: 21 Mar 2005, 09:50
Location: Italy

Re: Problem after updating SSL certificates

Postby Lapo » 26 Mar 2020, 16:53

Hi,
for starters it's not clear why the certificate was no longer valid. Did it expire? If so did you renew it?

As regards the delay you mentioned at the end of the post:
in your smartfox.log file the last log message available is

Code: Select all

SmartFoxServer 2X (2.14.0) READY!

This is actually not the last boot message as a few seconds later you should also see this message:

Code: Select all

BlueBox Service (4.0.0) READY.


This is what it looks like on my laptop:

Code: Select all

17:50:08,687 INFO  [SFSWorker:Sys:1] v2.SmartFoxServer     - SmartFoxServer 2X (2.15.0) READY!
17:50:11,317 INFO  [TomcatRunner] bluebox.BBSessionFilter     - BlueBox Service (4.0.0) READY.

It takes roughly 2-3 extra seconds for Tomcat to boot and initialize the SFS2X-related services.

If you attempt to connect via HTTP before Tomcat is ready you will likely get an error. Maybe on your server Tomcat is booting up very slowly? Check your log files and see how long it takes before the BlueBox message appears.

Thanks
Lapo
--
gotoAndPlay()
...addicted to flash games
grookier
Posts: 25
Joined: 28 Sep 2016, 10:40

Re: Problem after updating SSL certificates

Postby grookier » 27 Mar 2020, 11:05

Hello Lapo,

Yes, the certificates had expired, I automatically update those of the domain with lets'encrypt, but apparently I have to automatically regenerate them and re-import them for smartfox. So yes, I regenerated and improtated them.

This is the delay that I recovered from yesterday's log:

Code: Select all

26 Mar 2020 | 16:17:44,049 | INFO  | SFSWorker:Sys:1 | smartfoxserver.v2.SmartFoxServer |     | SmartFoxServer 2X (2.14.0) READY!
26 Mar 2020 | 16:26:01,136 | INFO  | main | tomcat.bluebox.BBSessionFilter |     | BlueBox Service (4.0.0) READY.
User avatar
Lapo
Site Admin
Posts: 21370
Joined: 21 Mar 2005, 09:50
Location: Italy

Re: Problem after updating SSL certificates

Postby Lapo » 27 Mar 2020, 16:21

Hi,
that looks pretty weird! :shock:
Unless SFS2X is running on a Commodore C64 you should not be seeing 9 minutes between those two events :)

Jokes aside, it seems very strange. Is it possible your server machine was busy doing something else when you booted up SFS2X?
What are the hardware specs of the machine?

Thanks
Lapo

--

gotoAndPlay()

...addicted to flash games
grookier
Posts: 25
Joined: 28 Sep 2016, 10:40

Re: Problem after updating SSL certificates

Postby grookier » 27 Mar 2020, 18:01

These are the server specs, it doesn't seem so bad to me :D :

CPU:
4 vCore
RAM:
8 GiB
Storage:
100 GiB

I have nothing in use besides smartfoxserver, it is a server dedicated only to this.

I also restarted the server during the various tests.
User avatar
Lapo
Site Admin
Posts: 21370
Joined: 21 Mar 2005, 09:50
Location: Italy

Re: Problem after updating SSL certificates

Postby Lapo » 28 Mar 2020, 11:58

Well, there's no indication what CPU is being used.
Since it's a virtualized CPU you're getting a slice of the actual hardware and from the boot times you're getting it looks like a very small slice.

As a comparison I've tried running SFS2X 2.14 on the smallest Amazon EC2 instance, a t3.nano.
This is what it looks like:

Code: Select all

28 Mar 2020 | 11:54:03,033 | INFO  | SFSWorker:Sys:1 | smartfoxserver.v2.SmartFoxServer |     | SmartFoxServer 2X (2.14.0) READY!
28 Mar 2020 | 11:55:00,431 | INFO  | main | tomcat.bluebox.BBSessionFilter |     | BlueBox Service (4.0.0) READY.


Also keep in mind that the boot process is entirely mono-threaded, so multiple cores won't make a difference. Still I find it hard to believe that Tomcat requires 9 minutes to boot on your server.
I would recommend checking with a CPU monitor what happens during the SFS2X boot and if all CPU is used only by its process or if it's contended among other services. If 9 minutes is the best you can get it might be an indication that these kind of virtual servers are pretty bad :(

Hope it helps
Lapo

--

gotoAndPlay()

...addicted to flash games
grookier
Posts: 25
Joined: 28 Sep 2016, 10:40

Re: Problem after updating SSL certificates

Postby grookier » 28 Mar 2020, 18:18

Thanks for the info, I will be monitoring the CPU status at the next reboot.

Return to “SFS2X Questions”

Who is online

Users browsing this forum: No registered users and 24 guests